Providing data security with a token device

ABSTRACT

A computer-implemented method for providing security to access and store data may include transferring first information for display from a token device having a memory to a first computing device at a first time, the token device connected to the first computing device and the first information describing public data stored on the token device. A request to retrieve a root directory of private data may be received, the request specifying a root directory name. In response to receiving the request to retrieve a root directory of private data, the root directory may be requested by establishing a wireless connection between the token device and a server computing device, transferring the root directory name to the server computing device, wherein the root directory name is used as a password to retrieve the root directory, and receiving the root directory from the server computing device by the token device.

BACKGROUND

This disclosure relates generally to providing security to access andstore data, and more specifically, to providing security with a tokendevice.

Authentication and authorization are vital elements in cloud security.Authentication is the process that allows a system to identify a userand then validate the user's identity through an entry access code(i.e., a password). Various methods have been generated to improve theauthentication process. For example, before a password is stored on aserver, a password may be encrypted. Accordingly, unauthorized users maynot able to decipher the password unless the unauthorized users have acorresponding key to decrypt the password. A second method with variousiterations is called hashing. Hashing is similar to encryption in thatthe user password is converted into a random string of text. However,hashes cannot be converted back into a password. Unauthorized users mayperform what is known as a brute force attack. This is where everyconceivable word is converted into a hash. Unauthorized users may thencheck to see if the hash is listed on their list of stolen accounts, andif the hash is listed, the corresponding password is discovered.

SUMMARY

One or more embodiments are directed to a computer-implemented methodfor providing security to access and store data. The method can includetransferring first information for display from a token device having amemory to a first computing device at a first time, the token deviceconnected to the first computing device and the first informationdescribing public data stored on the token device. The method canfurther include receiving a request to retrieve a root directory ofprivate data, the request specifying a root directory name. In responseto receiving the request to retrieve a root directory of private data,the method may also include requesting the root directory byestablishing a wireless connection between the token device and a servercomputing device, and transferring the root directory name to the servercomputing device. The root directory name is used as a password toretrieve the root directory. The method may further include receivingthe root directory from the server computing device by the token device.One or more embodiments are directed to a token device for providingsecurity to access and store data. The token device may include amemory, a private data conceal engine, a radio, and a cryptosystem. Theprivate data conceal engine may be configured to transfer firstinformation for display from the token device to a first computingdevice at a first time. The token device may be connected to the firstcomputing device at the first time. The first information may describepublic data stored on the token device. The radio may be configured toestablish a wireless connection between the token device and a servercomputing device. The token device may receive a request to retrieve aroot directory of private data. The request may specify a root directoryname and in response to the receiving of the request, the token devicecan request the root directory from the server computing device andreceive the root directory from the server computing device. Thecryptosystem can be configured to transfer the root directory name tothe server computing device. The root directory name is used as apassword to retrieve the root directory from the server computingdevice.

One or more embodiments are directed to a computer program product. Thecomputer program product comprises a computer readable storage mediumhaving program code embodied therewith. The program code comprisescomputer readable program code that may be configured for transferringfirst information for display from a token device having a memory to afirst computing device at a first time, the token device connected tothe first computing device and the first information describing publicdata stored on the token device. In addition, the computer readableprogram code may be configured for receiving a request to retrieve aroot directory of private data, the request specifying a root directoryname. In response to receiving the request to retrieve a root directoryof private data, the computer program readable program code may also beconfigured for requesting the root directory by establishing a wirelessconnection between the token device and a server computing device, andtransferring the root directory name to the server computing device,wherein the root directory name is used as a password to retrieve theroot directory. The computer program readable program code may also beconfigured for receiving the root directory from the server computingdevice by the token device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a cloud computing environment according to an embodimentof the present invention.

FIG. 2 is a block diagram example of a computing device, which includesa token device, according to embodiments.

FIG. 3 is a block diagram of an example token device of FIG. 2, and thecomponents and data that can reside therein, according to embodiments.

FIG. 4 is a flow diagram of an example process for securely accessingand storing private data using the token device, according toembodiments.

FIG. 5 is a flow diagram of an example process for accessing offlinedata that is stored on the token device, according to embodiments.

FIG. 6 is a flow diagram of an example process of generating offlinedata entries on a token device, and synchronizing to a server computingdevice to store the data entries to the server computing device,according to embodiments.

FIG. 7 depicts a cloud computing node according to an embodiment of thepresent invention.

FIG. 8 depicts abstraction model layers according to an embodiment ofthe present invention.

In the Figures and the Detailed Description, like numbers refer to likeelements. The drawings included in the present application areincorporated into, and form part of, the specification. They illustrateembodiments of the present invention and, along with the description,serve to explain the principles of the invention. The drawings are onlyillustrative of certain embodiments and do not limit the invention.While the invention is amenable to various modifications and alternativeforms, specifics thereof have been shown by way of example in thedrawings and will be described in detail. It should be understood,however, that the intention is not to limit the invention to theparticular embodiments described. On the contrary, the intention is tocover all modifications, equivalents, and alternatives falling withinthe spirit and scope of the invention.

DETAILED DESCRIPTION

Users may be exposed to unauthorized access of private data stored oncloud drives (i.e., cloud provider servers). Consequently, users may behesitant to utilize cloud storage drives to store sensitive data. Cloudstorage security systems today may utilize various methods to ensuredata security. For example, before a password is stored on a server, apassword may be encrypted. Accordingly, unauthorized users may not ableto decipher the password unless the unauthorized users have acorresponding key to decrypt the password. As discussed, a second methodto ensure data security is hashing. The success of these and otherauthentication security methods may require users to generate strongpasswords, change passwords often, and not use the same passwords fordifferent accounts. Moreover, cloud computing providers may only requirea single password credential for users. Consequently, when anunauthorized access of private data has occurred, an entire collectionof directories (i.e., folders) of private data may be available.Further, if a user wants to manage private data directly through a webbrowser, the web browser may retain a URL address footprint that mayinclude passwords and other sensitive information.

One method of maintaining the security of sensitive information is tonot utilize cloud storage drives, but simply store data on a UniversalSerial Bus (USB) flash drive. However, this may nullify the benefits ofcloud storage, such as the ability to access private data from anylocation. Moreover, if an unauthorized user stole the USB flash drive,the unauthorized user may simply connect the flash drive to a computingdevice and have full access to all of the viewable private data.Further, the user may easily lose the USB flash drive. Accordingly,various embodiments of the present disclosure are directed to providingsecurity to access and store data by utilizing a token device (e.g., aUSB flash drive device with wireless capability) such that a user maymanually input a directory name on the token device drive to retrievethe corresponding directory. The directory name may be utilized as apassword to authenticate the user's identity. Consistent with someembodiments, after a server computing device authenticates a user'sidentity, the directory may be sent to the token device such that acomputing device that the token device is connected to displays thedirectory name on the token device (i.e., the directory becomes visibleand accessible after authentication). In some embodiments, the tokendevice may generate a unique compressed uniform resource locator (URL)each time a link, which corresponds to the compressed URL, is selectedto open a directory of private data in a browser such that there is noURL footprint to retrieve sensitive data by unauthorized users. Invarious embodiments, the token device may be configured to alter howmuch of a total storage capacity is visible using a public storagefeature and how much of the total storage capacity is not visible.

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 1, illustrative cloud computing environment 50 isdepicted. As shown, cloud computing environment 50 comprises one or morecloud computing nodes 10 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 100A, desktop computer 100B, laptop computer 100C,and/or automobile computer system 100N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 50 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 100A-Nshown in FIG. 2 are intended to be illustrative only and that computingnodes 10 and cloud computing environment 50 can communicate with anytype of computerized device over any type of network and/or networkaddressable connection (e.g., using a web browser).

FIG. 2 is a block diagram example of a computing device (100A-N), whichincludes a token device, according to various embodiments. Themechanisms and apparatus of the various embodiments disclosed hereinapply equally to any appropriate computing device. The major componentsof the computing device 100 include one or more processors 202, a memory204, a terminal interface 212, a storage interface 214, an Input/Output(“I/O”) device interface 216, and a network interface 218, all of whichare communicatively coupled, directly or indirectly, for inter-componentcommunication via a memory bus 206, an I/O bus 208, bus interface unit(“IF”) 209, and an I/O bus interface unit 210.

The computing device 100 may contain one or more general-purposeprogrammable central processing units (CPUs) 202A and 202B, hereingenerically referred to as the processor 202. In an embodiment, thecomputing device 100 may contain multiple processors; however, inanother embodiment, the computing device 100 may alternatively be asingle CPU device. Each processor 202 executes instructions stored inthe memory 204 and may include one or more levels of on-board cache.

In an embodiment, the memory 204 may include a random-accesssemiconductor memory, token device 222 memory, or storage medium (eithervolatile or non-volatile) for storing or encoding data and programs. Inanother embodiment, the memory 204 represents the entire virtual memoryof the computing device 100, and may also include the virtual memory ofother computer systems coupled to the computing device 100 or connectedvia a network 250. The memory 204 is conceptually a single monolithicentity, but in other embodiments the memory 204 is a more complexarrangement, such as a hierarchy of caches and other memory devices. Forexample, memory may exist in multiple levels of caches, and these cachesmay be further divided by function, so that one cache holds instructionswhile another holds non-instruction data, which is used by the processoror processors. Memory may be further distributed and associated withdifferent CPUs or sets of CPUs, as is known in any of various so-callednon-uniform memory access (NUMA) computer architectures.

The memory 204 may store all or a portion of the components and datashown in FIG. 4. These programs and data structures are illustrated inFIG. 4 as being included within the token device 222, however, in otherembodiments, some or all of them may be on different computer systemsand may be accessed remotely, e.g., via a network 250. The computingdevice 100 may use virtual addressing mechanisms that allow the programsof the computing device 100 to behave as if they only have access to alarge, single storage entity instead of access to multiple, smallerstorage entities. Thus, while the components and data shown in FIG. 4are illustrated as being included within the token device 222, thesecomponents and data are not necessarily all completely contained in thesame token device 222 at the same time. Further, although the componentsand data shown in FIG. 4 are illustrated as being separate entities, inother embodiments some of them, portions of some of them, or all of themmay be packaged together.

In an embodiment, the components and data shown in FIG. 4 may includeinstructions or statements that execute on the processor 202 orinstructions or statements that are interpreted by instructions orstatements that execute on the processor 202 to carry out the functionsas further described below. In an embodiment, the components shown inFIG. 4 may include data in addition to instructions or statements.

The computing device 100 may include a bus interface unit 209 to handlecommunications among the processor 202, the memory 204, a display system224, and the I/O bus interface unit 210. The I/O bus interface unit 210may be coupled with the I/O bus 208 for transferring data to and fromthe various I/O units. The I/O bus interface unit 210 communicates withmultiple I/O interface units 212, 214, 216, and 218, which are alsoknown as I/O processors (IOPs) or I/O adapters (IOAs), through the I/Obus 208. The display system 224 may include a display controller, adisplay memory, or both. The display controller may provide video,audio, or both types of data to a display device 226. The display memorymay be a dedicated memory for buffering video data. The display system224 may be coupled with a display device 226, such as a standalonedisplay screen, computer monitor, television, or a tablet or handhelddevice display. In an embodiment, the display device 226 may include oneor more speakers for rendering audio. Alternatively, one or morespeakers for rendering audio may be coupled with an I/O interface unit.In alternate embodiments, one or more of the functions provided by thedisplay system 224 may be on board an integrated circuit that alsoincludes the processor 202. In addition, one or more of the functionsprovided by the bus interface unit 209 may be on board an integratedcircuit that also includes the processor 202.

The I/O interface units support communication with a variety of storageand I/O devices. For example, the terminal interface unit 212 supportsthe attachment of one or more user I/O devices 220, which may includeuser output devices (such as a video display device, speaker, and/ortelevision set) and user input devices (such as a keyboard, mouse,keypad, touchpad, trackball, buttons, light pen, or other pointingdevice). A user may manipulate the user input devices using a userinterface, in order to provide input data and commands to the user I/Odevice 220 and the computing device 100, and may receive output data viathe user output devices. For example, a user interface may be presentedvia the user I/O device 220, such as displayed on a display device,played via a speaker, or printed via a printer.

The storage interface 214 supports the attachment of one or more diskdrives or direct access token devices 222 (which may be rotatingmagnetic disk drive token devices 222, although they could alternativelybe arrays of disk drives configured to appear as a single large storagedevice to a host computer, or solid-state drives, such as flash memory).In another embodiment, the token device 222 may be implemented via anytype of secondary storage device. The contents of the memory 204, or anyportion thereof, may be stored to and retrieved from the token device222 as needed. The I/O device interface 216 provides an interface to anyof various other I/O devices or devices of other types, such as printersor fax machines. The network interface 218 provides one or morecommunication paths from the computing device 100 to other digitaldevices and computer systems, such as database servers. Thesecommunication paths may include, e.g., one or more networks 250.

Although the computing device 100 shown in FIG. 2 illustrates aparticular bus structure providing a direct communication path among theprocessors 202, the memory 204, the bus interface 209, the displaysystem 224, and the I/O bus interface unit 210, in alternativeembodiments the computing device 100 may include different buses orcommunication paths, which may be arranged in any of various forms, suchas point-to-point links in hierarchical, star or web configurations,multiple hierarchical buses, parallel and redundant paths, or any otherappropriate type of configuration. Furthermore, while the I/O businterface unit 210 and the I/O bus 208 are shown as single respectiveunits, the computing device 100 may, in fact, contain multiple I/O businterface units 210 and/or multiple I/O buses 208. While multiple I/Ointerface units are shown, which separate the I/O bus 208 from variouscommunications paths running to the various I/O devices, in otherembodiments, some or all of the I/O devices are connected directly toone or more system I/O buses.

In various embodiments, the computing device 100 may be implemented as adesktop computer, portable computer, laptop or notebook computer, tabletcomputer, pocket computer, telephone, smart phone, or any other suitabletype of electronic device.

FIG. 2 is intended to depict the representative major components of thecomputing device 100. Individual components, however, may have greatercomplexity than represented in FIG. 2, components other than or inaddition to those shown in FIG. 2 may be present, and the number, type,and configuration of such components may vary. Several particularexamples of additional complexity or additional variations are disclosedherein; these are by way of example only and are not necessarily theonly such variations. The various program components illustrated in FIG.2 may be implemented, in various embodiments, in a number of differentmanners, including using various computer applications, routines,components, programs, objects, modules, data structures, etc., which maybe referred to herein as “software,” “computer programs,” or simply“programs.”

FIG. 3 is a block diagram of an example token device 222 of FIG. 2, andthe components and data that can reside therein, according toembodiments. In an embodiment the token device 222 may include acryptosystem 302, which may further include an encryption engine 304 anda keying system 306 to perform various operational procedures. The tokendevice 222 may also include a compressed URL generator 310, a radio 314,a private/public storage engine 312, a private data conceal engine 316,and an authentication engine 318.

In one embodiment, the token device 222 may be a universal serial bus(USB) token, which includes flash memory. Alternatively, the tokendevice 222 may be a smart card, also known as an integrated circuitcard. In this embodiment, a smart card reader (or reader/writer) andsmart card driver may be utilized in conjunction with the smart card toread the smart card. In various embodiments, the token device 222 may bea contactless token device 222. A contactless token device 222 does notrequire physical connection with the computing device, but rather alogical connection is made to the computing device. For example, a smartcard may be placed at a particular distance from the smart card reader,and the smart card reader may scan (read) the smart card to make alogical connection to the computing device.

A cryptosystem 302 is a system of encoding and decoding private datawith an algorithm such that unauthorized users may not easily accessprivate data. An encryption engine 304 may initiate encryption of thedirectory name or directory files using various algorithms, and thekeying system 306 may create and manage keys that encrypt or decrypt thedirectory name or directory files. The encryption engine 304 and keyingsystem 306 may be combined to form various methods of authenticating auser's identity using the generated directory name, as discussed morebelow.

A compressed URL generator 310 may be utilized if the user chooses tomanage data files directly from a web browser. The compressed URLgenerator 310 may generate a URL each time a link, which corresponds tothe compressed URL, is selected to open the one or more data files in abrowser. The compressed URL generator 310 may be utilized to hide thepresence of URL footprints such that unauthorized users may not be ableto track the directory names or other sensitive information.

A radio 314 may be included in the token device 222 to establish awireless connection between the token device 222 and a server computingdevice. This may be utilized in order for the token device 222 torequest one or more directories by transferring the correspondingdirectory name to the server computing device. The directory name may beused as a password to retrieve the corresponding directory. The servercomputing device may also communicate with the radio 314 to authenticatethe user's identity. The token device 222 may further include a switchto turn the wireless capability on and off such that a user may chooseto manage data online or offline. The radio 314 may include atransmitter to send requests using the directory name, a receiver toread signals from the server computing device, and antenna to receiveand send the requests.

The token device 222 may include a public storage engine 312 to allowfor displaying a public storage. The display of the public storage mayshow a total storage capacity that is less than the actual total storagecapacity of the token device 222 and the display of the public storageshows only the public data stored on the token device 222. The tokendevice 222 may be configurable to alter how much of the total storagecapacity is displayed for the public storage.

The private data conceal engine 316 may be utilized when the tokendevice is first connected to the computing device before a rootdirectory has been generated and/or when directories of data have beenstored on the token device 222. If the token device 222 is synchronizedwith the server computing device to store a directory from the servercomputing device to the token device, the user may be able to retrievethe directory from the token device instead of a server computingdevice. In an embodiment, the user may connect the token device 222 to acomputing device. The token device 222 may then transfer information fordisplay to the computing device. However, the information may onlydescribe public data stored on the token device (e.g., the user sees anempty drive), even though the private data of directories are stored onthe token device 222. This may be possible through the private dataconceal engine 316. In one embodiment, the data conceal engine 316 mayconceal the directories of data such that the directories are notviewable on a computing device display screen. The private data concealengine 316 may conceal the directories by encrypting them, marking themas hidden, and reveal them to the display screen as soon as theauthentication engine 318 or other server computing device verifies thatthe directory name generated by the user matches the name of thecorresponding directory. In some embodiments, when the authenticationengine 318 verifies that the generated name matches the directory name,the data conceal engine 316 may then transfer the private information inthe root directory stored on the token device to a display screen of thecomputing device. Accordingly, the display screen may not only show thepublic data, but the user's private directories of data as well.

Alternatively, the token device 222 may conceal the directories of databy providing a private encrypted file system and a public file system.The public file system may include the public data and the privateencrypted file system may include the private directories of data.Accordingly, when the public file system displays a generated directoryname that matches the name of the corresponding directory (i.e., it hasbeen authenticated by the authentication engine 318), the public filesystem may decrypt and expose the hidden directory of private datastored in the encrypted file system. In another embodiment, the tokendevice 222 may be partitioned such that the private directories of dataare in a separate encrypted partition, which is hidden from a publicpartition until the authentication engine 318 verifies that thegenerated directory name matches the name of the corresponding directoryname. In other embodiments, an operating system of the computing devicethat is connected to the token device 222 may conceal the presence ofthe private directories of data until the authentication engine 318performs the verification.

FIG. 4 is a flow diagram of an example process 400 for securelyaccessing and storing private data using a token device, according toembodiments. In an embodiment, the process 400 may begin with operation402 when a user connects a token device having memory into a computingdevice. In an embodiment, the token device may then transfer informationfor display to the computing device. The information displayed on thecomputing device may only show public data that is stored on the tokendevice. For example, the public data may include storage capacityindicators (e.g., 10 gigabytes left for storage), the name of amanufacturing company of the token device 222, or any other public datathat is not private data. Private data is considered to be directories(i.e., folders), directory names, data files that correspond thereto, orany data that a user considers to be private. Private data may be anydata designated by a user as private data.

In an embodiment, the user may generate (e.g., type a request to createa directory on the token device) a root directory name on token devicedrive to request a corresponding root directory of private data. Thetoken device may receive this request to retrieve a root directory ofprivate data from the user and perform operation 404 to request the rootdirectory from a remote server computing device by establishing awireless connection between the token device and the server computingdevice and transferring the root directory name to the server computingdevice. The root directory name may be used as a password to retrievethe root directory. Accordingly, the server computing device may performoperation 406 to authenticate the user's identity by using the directoryname. The token device may then receive the root directory from theserver computing device. In an embodiment, when the token devicereceives the directory, the directory becomes visible on the displayscreen of the computing device and the user may accordingly manage theprivate data within the directory.

In operation 408, a user may decide whether it wants to manage theprivate data online, or whether the user wants to perform operation 410to synchronize the token device with the server computing device tostore the directory from the server computing device to the tokendevice. This may enable the user to manage the private data on the tokendevice while offline. In an embodiment, the user may decide to managethe private data while still online (i.e., the wireless connectionbetween the token device and the server computing device is stillestablished). If this occurs, the token device may then performoperation 418 to generate a unique compressed uniform resource locator(URL) each time a link, which corresponds to the compressed URL, isselected by a user to open the directory of private data in a browser.This may be performed to hide the presence of URL footprints such thatunauthorized users may not be able to track the directory names or othersensitive information. In one embodiment, after the user has retrieveddata from a root directory, the user may only be able to accessadditional directories (e.g., sub-directories) using the above process.Accordingly, if the user needs additional directories according tooperation 412, operations 404, 406, 408, 418, and 410 may need to berepeated. According to an embodiment in operation 414, the token devicemay be configured to alter how much of the total storage capacity isvisible using the public storage feature and how much of the totalstorage capacity is not visible using the private storage feature.

Operation 404 occurs when a user generates a root directory name (e.g.,enters a root directory folder name to create a new directory on thetoken device) on the token device drive and a request is made by thetoken device to retrieve a corresponding directory from a servercomputing device. The directory name corresponds to a directory thatcontains one or more desired private data files. When the user insertsthe token device into the computing device in operation 402, the usermay open the token device drive (e.g., open the local disk E with theUSB token device connected) and view an empty drive (e.g., the publicstorage capacity display future showing no data as being stored). In anembodiment, to view any of the private data, the user must generate ormanually type in a directory name on the token device drive. In anembodiment, the directory name is a password used to authenticate theuser's identity for retrieving private data from the server computingdevice. In another embodiment, the directory name is a password used toauthenticate the user's identity for retrieving private data stored onthe token device. The root directory name that the user generates may bethe root directory. A root directory is the top hierarchical folder thathouses other sub-directories and all of the data files. In variousembodiments, each time the user wants to access different directoriesthat correspond to different private data files, the user must generatethe name of the corresponding directory, as discussed further below inoperation 412.

In an embodiment, each time the user connects the token device with acomputing device to retrieve data stored on the server computing deviceor token device, the user must generate a directory name regardless ofwhether or not directory names were generated previously. This may havedifferent security conveniences. For example, if the token device isstolen, an unauthorized user may try to utilize the token device toretrieve data, but unless the unauthorized user knows and generates thedirectory name, the user will only be able to view an empty drive andnot be able to retrieve any files from the directory. Further, in anembodiment, generating the directory name on the token device may be theonly way to retrieve the desired data files. Accordingly, anunauthorized user may not be able to gain access to private data bysimply trying different passwords to a cloud drive itself.

Operation 406 occurs when one or more server computing devices (e.g.,node 10) communicates with the token device to authenticate the user'sidentity. Authentication of the user's identity may occur throughvarious techniques using various application programs. An encryptionengine of the token device may initiate encryption using variousalgorithms. For example, the encryption engine may encrypt the directoryname before the token device sends the directory name to the servercomputing device to request the corresponding directory. The keyingsystem of the token device may create and manage keys that encrypt ordecrypt the directory name or directory files. In various examples, thealgorithm the encryption engine of the token device utilizes may be anasymmetric algorithm type, such as RSA, DH, PGP or other algorithms. Theasymmetric algorithm may be utilized with asymmetric keys. Asymmetrickeys may include private and public keys. A private key is a string ofalphanumeric text, which may in itself be encrypted, that a user keepsconfidential that is used to encrypt or decrypt the directory name(i.e., the password) or files. In an embodiment, the private key may bestored on the token device. A public key is also a string ofalphanumeric text, which may in itself by encrypted, that is revealed tooutside sources and interacts with the user's private key to encrypt ordecrypt the directory name or files. For example, a server computingdevice (e.g., node 10) may employ a public key stored on the server tointeract with a user's private key. In this embodiment, the user's tokendevice may send a request to the server computing device for thedirectory using the directory name along with a private key to encryptthe directory name. The server computing device may include a public keyto authenticate the user's identity by decrypting the directory name andmatching a signature that corresponds to the private key with the actualrequest.

In an alternative embodiment, the algorithm type may be a symmetricalgorithm that is meant to be utilized with a symmetric key. Thesymmetric algorithm may be any number of algorithms such as triple DES,IDEA, AES, or other algorithms. For a symmetric key algorithm, only onekey is utilized to encrypt and decrypt the directory name. For example,the token device may send a request for a directory using a rootdirectory name stored on the server computing device. In this example,the token device may not include a private key and consequently, thedirectory name may be sent to the server computing device unencrypted.However, when the server computing device receives the request, theserver computing device may employ a symmetric key to both encrypt anddecrypt the request.

The encryption engine and keying system of the token device may becombined to form various methods of performing operation 406 toauthenticate a user's identity using the generated directory name. In anembodiment, a public key infrastructure (“PKI”) may be utilized tocreate, organize, store, distribute and maintain public keys.Accordingly, the encryption engine of the token device may generateasymmetric algorithms to authenticate a user's identity. In thisembodiment, after the user generates root directory name with the tokendevice connected to a computing device, the token device, with itswireless capability, may send a request (i.e., the directory name) tothe server computing device for the directory that correspond to theuser's generated directory name. This request may be coupled with adigital certificate that guarantees a user is an owner of private andpublic keys. A first server computing device, such as a certificateauthority server may receive the request and determine whether thedigital certificate is valid by checking with a second server computingdevice, such as a key server, to see if the digital certificate is inthe second server computing device's list of trusted entities. If thedigital certificate is not recognized, the connection may be droppedbetween the token device and the server computing devices. If thedigital certificate is recognized, the PKI authentication system mayvalidate the certificate. If the digital certificate is authorized, allof the private data from the root directory that corresponds to theuser-generated directory name will be sent to and appear on the tokendevice. Accordingly, the user may then be able to view and access thedata files of the directory that corresponds to the first generateddirectory name.

In an embodiment, a first server computing device may create a sessionkey, which may be a symmetric key, and encrypt the session key with apublic key. The encrypted information may then sent back to a user. Theprivate key stored on the token device may then be utilized to decryptthe information received from the server and extract the session key.The session key may be used to encrypt and decrypt data files that aresent back and forth between the server computing device and the user,whether through initially accessing data or storing data to the clouddrive.

In an alternative embodiment, a non-PKI authentication system may beutilized with keys that perform different functions than describedabove. For example, after the user generates a root directory name withthe token device connected, the token device, with its wirelesscapability, may send a request to the server computing device (e.g.,node 10) for all of the files that correspond to a directory of theuser's first generated directory name. In this embodiment, the user'sprivate key may be stored on the token device and may encrypt themessage and directory name before the message is sent to the servercomputing device. The encrypted directory name along with the user'sprivate key may be a digital signature. A server computing device maythen decrypt the message and private key using a public key and comparethe digital signature with the message to verify that there is a matchbetween the directory name and private key for authentication. In otherembodiments, a server computing device may compare the user's generateddirectory name with the corresponding directory name of files stored onthe server computing device for authentication.

In an embodiment of operation 408, after a user receives the rootdirectory that corresponds to the first generated directory name, theuser may choose between managing the private data directly from a webbrowser, or may choose to simply synchronize the token device with theserver computing device such that the user may manage the data filesoffline. If the user chooses to manage private data directly from a webbrowser, then a compressed URL generator from the token device maygenerate a unique compressed uniform resource locator (“URL”) each timea link, which corresponds to the compressed URL, is selected to open theone or more data files in a browser. In an embodiment, after the user'sidentity is authenticated and the desired directory with thecorresponding private data are on the token device, a link or shortcuticon may appear on the directory indicating that the user may open thecloud drive in a web browser that corresponds to a particular web page.The link may read “open cloud drive in browser,” “manage data online,”“online,” or any suitable phrase indicating that the cloud drive may beopened in a web browser. The link may also be a graphic icon. In anembodiment, the link may appear on the root directory. In otherembodiments, the link may appear on other sub-directories.

In an embodiment, the link corresponds to a compressed URL, also knownas a “tinyurl,” or “shortened URL.” Logic within the token device andthe cloud drive may change the compressed URL each time the link isselected to open the one or more data files in a browser. This processmay occur in various manners. For example, a compressed URL generator ofthe token device may take an original long-form URL and convert it intoa compressed URL. In one illustrative example, the compressed URLgenerator 310 may convert the long-form URL that is in base-n, into abase 36, 62, or any other appropriate base. One convenience ofgenerating a compressed URL is that an unauthorized user may not be ableto simply observe the URL address and request the associated directoryof private data. The compressed URL may accordingly disguise thelong-form URL address. Further, a convenience of the token deviceemploying its own URL generator may be that a user does not have to relyon a third party service to generate compressed URLs.

In an embodiment, once a user selects the link to open one or more datafiles in a browser, logic in the token device may send the uniquecompressed URL to a browser along with a particular algorithm. When thebrowser performs a domain name lookup, a domain name server mayinterpret and verify the algorithm to know where to route the request toopen the one or more data files in a browser. The domain name server mayredirect the compressed URL such that a corresponding web page may nowbe available for the compressed URL. In this embodiment, a domain nameservice may need to know what algorithm is used and know what InternetProtocol (IP) address to route the request to.

Some browsers may save a history of all activities performed on thebrowser. Accordingly, a history footprint of URLs that correspond to webpages may be saved on the browser. One potential risk is that anunauthorized user may try to gain access to private data that arerequested by an initial user by looking up the browsing history of theuser. For example, if a user manages one or more private data files froma public computer and utilized the browser, a subsequent unauthorizeduser may try to track the browsing history to determine the link thatcorresponds to the location of the private data. In an embodiment of thepresent disclosure, if a subsequent unauthorized user found and selectedthe link that corresponds to the compressed URL and directory name, thedomain name server may employ logic to verify that although thealgorithm is a match, the algorithm was already used at a prior time.Consequently, the domain name server would not route the request toretrieve desired private data. The original valid user may keeprequesting the data files as many times as desired from any locationbecause the compressed URL generator may generate a different compressedURL each time a link is selected to open the one or more directories ina browser.

In an alternative embodiment, the compressed URL may correspond to astatic URL or cloud drive. For example, when the user selects the linkin which a compressed URL is generated, the user may be brought to aparticular cloud service web page, and the cloud service's internalsystem may be responsible for directing all compressed URL datarequests. In this example, the interpreter of the compressed URL may bethe cloud service entity that houses the desired data files, as opposedto a third party domain name service. In this embodiment, having aparticular cloud drive provider be responsible for directing allcompressed URL data requests may decrease any dependency on outsidedomain name service entities to keep data files secure.

In operation 410, the token device may be synchronized with the servercomputing device to store the directory from the server computing deviceto the token device. This may enable the user to access the directory onthe token device while offline. For example, FIG. 5 is a flow diagram ofan example process 500 of accessing offline data that is stored on thetoken device. In an embodiment, after a server computing deviceauthenticates a user's identity using a root directory name as part ofoperation 406, and the desired directory of files is returned to theuser, the user may have an option to perform operation 502 tosynchronize the token device with the server computing device to storethe directory from the server computing device to the token device. Inone embodiment, the user may then perform operation 504 to disconnectthe token device from the computing device at a first time. The user maythen perform operation 506 to re-connect the token device to another (orthe same) computing device at a second time. In an embodiment,re-connecting the token device may be performed without establishing awireless connection to a server computing device (e.g., turning awireless capability switch off on the token device). In an embodiment,after the user re-connects the token device for operation 506, the tokendevice may transfer information for display to the computing device. Theinformation may describe public data stored on the token device. Thewireless token may have the capability to communicate with the computingdevice operating system to make the private data not visible to users,even though the private data is stored on the token device. A user maythen request a desired directory by performing operation 508 to generatea corresponding directory name on the token device drive. The tokendevice may then receive the request to retrieve the directory (e.g.,root directory) of private data stored on the token device, the requestspecifying a directory name that is used as a password to retrieve thedirectory stored on the token device. The token device may thenauthenticate the request for the directory by verifying that thedirectory name matches the root directory. The token device may thentransfer the information in the directory stored on the token device toa display screen of the computing device. Operation 510 may then beperformed to access the synchronized data stored on the token device.

The process 500 may strengthen the security measures for embodiments ofthe present disclosure. For example, an unauthorized user who steals thetoken device may still be required to know the directory name toretrieve any desired data files, even though the desired data files maybe stored on the token device. Accordingly, the directory name may actas a password to retrieve any desired information from a servercomputing device or server.

In another embodiment, the user may simply desire to work offlinewithout physically disconnecting the token device as specified inoperation 504. For example, after a server computing deviceauthenticates a user's identity using a directory name, and the desireddirectory is returned to the user, the user may synchronize the tokendevice with the server computing device to store data files from theserver computing device to the token device. The user may then turn offa wireless capability of the token device by pushing a power switch onthe token device. The user may continue to manage any synchronized datafiles offline and later synchronize the token device with a servercomputing device to store offline data entries to the server computingdevice.

In yet another embodiment, after the server computing deviceauthenticates a user's identity using a root directory name, and thecorresponding root directory is returned to the user, the user may havean option to choose which sub-directories from a plurality ofsub-directories to synchronize. In this embodiment the user maysynchronize the token device with the server computing device to storespecific directories, as opposed to all of the directories, from thecloud drive to the token device. For example, a user may access theprivate data from a first root directory, which includes a plurality ofsub-directories. The user may not need all of the data files from all ofthe sub-directories. Accordingly, the user may only synchronize one ortwo sub-directories. However, in an embodiment, if the user needed datafrom any sub-directories, the user may have to generate a sub-directoryname, as discussed more below. The option to choose which directories tosynchronize may be useful for storage purposes. For example, a user mayhave large amounts of data stored on a server computing device, but onlya limited amount of data storage capacity on the token device.Consequently, the user may have to choose which directories the userwill store from the server computing device to the token device as partof the synchronization process.

In another embodiment, the user may desire to insert and store privatedata to a token device while offline and later copy the data to a servercomputing device. FIG. 6 is a flow diagram of an example process 600 ofgenerating offline data entries on a token device and synchronizing to aserver computing device to store the data entries to the servercomputing device. In an example, the user may first initiate the process600 by performing operation 602 to insert offline data entries on thetoken device. Accordingly, the wireless connection between the tokendevice and the server computing device may be disconnected. The tokendevice may then store and receive the offline data entries. At adifferent time, the token device may perform operation 604 tore-establish the wireless connection between the token device and theserver computing device (e.g., through turning on a wireless connectionpower switch or re-connecting the token device). The token device maythen perform operation 610 by synchronizing the token device with theserver computing device to store the offline data entries from the tokendevice to the server computing device. In this embodiment, thesynchronization may occur at substantially the same time as a tokendevice establishes wireless connection to a server computing device(e.g., one or two seconds after the connection).

In an alternative embodiment, the synchronization may occur after atoken device makes a request for a corresponding directory from a servercomputing device in which the offline data entries are synchronized tothe corresponding directory. In this embodiment the user may generatethe directory name on the token device drive that corresponds to theoffline data entries. The server computing device may then authenticatethe user's identity using any of the techniques as described inoperation 404 by utilizing the directory name as a password to retrievethe corresponding directory. After authentication, the directory thatcorresponds to the generated directory name may become visible on thedisplay screen of a computing device that the token device is connectedto. The user may then drag the offline data entries into thecorresponding directory that is visible on a computing device displayscreen. When the entries are dragged into the directories, asynchronization may occur such that new data entries generated offlinemay be copied and stored to the token device, and sent and stored to theserver computing device.

In yet another embodiment, the user may generate a root directory nameon the token device drive to retrieve the corresponding root directory.The server computing device may then authenticate the user's identityusing any of the techniques as described in operation 404 by utilizingthe directory name as a password to retrieve the correspondingdirectory. After authentication, the root directory that corresponds tothe generated root directory name may become visible on the displayscreen of a computing device that the token device is connected to.Within the root directory may be a sub-directory with properties tostore any offline data entries to the server computing device. The usermay then drag (i.e. transfer) any quantity of offline data entries intothe corresponding sub-directory of the root directory on the tokendevice. When the offline data entries are dragged into the rootdirectory, a synchronization may occur such that the transferring of theany quantity of offline data entries are stored to the server computingdevice and not the token device. There may be various advantages by notstoring the offline data entries to the token device. For example, auser may drag 100 gigabytes of data onto a 10 gigabyte token device. Butsince the data will be dragged into a directory that synchs only to theserver computing device, this data will not be stored to the tokendevice. Accordingly, the user may not have to be concerned about thetotal storage capacity of the token device.

In operation 412, the user may decide whether to retrieve more privatedata from additional sub-directories. In one embodiment, if the userneeds more private data, the user may repeat operations 404, 406, 408,and either 418 or 410. In an embodiment, if the user managed the dataoffline as part of operation 410, and needed to access additionaldirectories from the server computing device, the token device may haveto establish a wireless connection (e.g., via a power switch orconnecting the token device in operation 402) with the server computingdevice. Accordingly, the token device may receive a request to retrievea sub-directory of the root directory of private data, the requestspecifying a sub-directory name. In response to receiving the request toretrieve a sub-directory, the token device may request the sub-directoryby transferring the sub-directory name to a server computing device. Thesub-directory name may be used as a password to retrieve thesub-directory. The token device may then receive the sub-directory fromthe server computing device.

In an illustrative example, at a first time, a user may connect thetoken device in operation 402 to a computing device. The user may thengenerate (e.g., type) a root directory name one the token device driveand the token device may perform operation 404 to request the rootdirectory using the root directory name as a password. A servercomputing device may then authenticate the user's identity as part ofoperation 406. The user may then decide to work online and select a linkon the root directory, whereby compressed URLs are generated as part ofoperation 418. The root directory may contain all of thesub-directories. The user may then decide that it only needs data fromtwo sub-directories. Accordingly, at a second time, the user maygenerate a sub-directory name on the token device drive that correspondsto the desired sub-directory. The token device, with its wireless accesscapability still activated, may request the sub-directory using thesub-directory name as a password to retrieve the sub-directory. One ormore server computing devices may again authenticate the user's identityusing the sub-directory name. The user may decide to still keep workingonline. At a third time, the user may decide that it wants data from asecond sub-directory. Accordingly, the user would generate thecorresponding second sub-directory name, data would be requested, andthe user's identity would again be authenticated using the secondsub-directory name to retrieve the second sub-directory.

In an embodiment, for every directory that a user needs to access, theuser may have to generate the corresponding directory name to manage theprivate data. This may act as a hierarchical and layered passwordapproach to secure sensitive data. For example, an unauthorized user maydiscover a sub-directory name (i.e., password), and may try to generatethe sub-directory name with the token device connected to a computingdevice. However, in an embodiment, an unauthorized user would not beable to retrieve the private data because the user would have to knowand generate a root directory name first to have access to thesub-directories. In an alternative example, the unauthorized user maydiscover the root directory name and try to access sub-directory datafiles accordingly. However, if the unauthorized user did not know theother sub-directory names, the unauthorized user would not be able toopen the sub-directories to obtain additional private data. Thishierarchical approach may effectively force unauthorized users to knowevery single directory password or name that corresponds to the desireddirectories, as opposed to an unauthorized user only having to know asingle password to gain access to all the files of all of thedirectories. An additional useful feature of the hierarchical approachmay be that each directory is not viewable or is hidden from anunauthorized user's view unless each directory name is generated.

In one embodiment, the token device may include a public storage engineto display a public storage. The display of the public storage may showa total storage capacity that is less than the actual total storagecapacity of the token device and the display of the public storage mayshow only the public data stored on the token device. For example, whenthe user initiates the process for private data retrieval and connectsthe token device to the computing device, the user may view as part ofthe public data, an indicator that shows that half of a 64 gigabytestorage capacity remains. In this example, the actual storage capacitymay be viewable such that the total storage capacity amount is publicdata. Accordingly, the public storage engine may not be utilized. Inanother example, even if half of a 64 gigabyte storage capacity remainedon a token device, no indicator may be visible on the computing devicedisplay screen showing the storage capacity. In this example, the publicstorage engine may be utilized to conceal all of the total storagecapacity on the token device.

In various embodiments and according to operation 314, the token devicemay be configured to alter how much of the total storage capacity isdisplayed for the public storage. For example, a token device may be aflash drive that includes a 64 gigabyte total storage capacity. The usermay have used 32 of the 64 gigabytes. The user may decide that it onlywants 500 megabytes available for public storage to show the totalcapacity. Accordingly, the public data shown on the display screen mayonly show a storage capacity of 500 megabytes. In various embodiments,the token device may communicate with the operating system of acomputing device or data conceal engine of the token device to hide thepresence of the remaining storage capacity. In another embodiment, anelectronic display on the token device 222 may show that the tokendevice only has a storage capacity of 500 megabytes, when in reality ithas a storage capacity of 64 gigabytes. The actual display on the tokendevice may be any sort of flag mechanism such as an electronic paperreadout (ePaper readouts), meter, Light Emitting Diode (LED), or otherelectronic display. This public storage feature may be useful forseveral reasons. For example if an unauthorized user found the tokendevice and saw that the token device only had a 500 megabyte storagecapacity, when in reality the token device had a 64 gigabyte capacity,the unauthorized user may not steal the token device because of the lowstorage capacity.

Referring now to FIG. 7, a schematic of an example of a cloud computingnode is shown. Cloud computing node 10 is only one example of a suitablecloud computing node and is not intended to suggest any limitation as tothe scope of use or functionality of embodiments of the inventiondescribed herein. Regardless, cloud computing node 10 is capable ofbeing implemented and/or performing any of the functionality set forthhereinabove.

In cloud computing node 10 there is a computer system/server 12, whichis operational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 12 include, but are notlimited to, personal computer systems, server computer systems, thinclients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed cloud computing environments thatinclude any of the above systems or devices, and the like.

Computer system/server 12 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 12 may be practiced in distributed cloudcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed cloud computing environment, program modules may be locatedin both local and remote computer system storage media including memorystorage devices.

As shown in FIG. 7, computer system/server 12 in cloud computing node 10is shown in the form of a general-purpose computing device. Thecomponents of computer system/server 12 may include, but are not limitedto, one or more processors or processing units 16, a system memory 28,and a bus 18 that couples various system components including systemmemory 28 to processor 16.

Bus 18 represents one or more of any of several types of bus structures,including a memory bus or memory controller, a peripheral bus, anaccelerated graphics port, and a processor or local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnects (PCI) bus.

Computer system/server 12 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 12, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 28 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 30 and/or cachememory 32. Computer system/server 12 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 34 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 18 by one or more datamedia interfaces. As will be further depicted and described below,memory 28 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 40, having a set (at least one) of program modules 42,may be stored in memory 28 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 42 generally carry out the functions and/ormethodologies of embodiments of the invention as described herein.

Computer system/server 12 may also communicate with one or more externaldevices 14 such as a keyboard, a pointing device, a display 24, etc.;one or more devices that enable a user to interact with computersystem/server 12; and/or any devices (e.g., network card, modem, etc.)that enable computer system/server 12 to communicate with one or moreother computing devices. Such communication can occur via Input/Output(I/O) interfaces 22. Still yet, computer system/server 12 cancommunicate with one or more networks such as a local area network(LAN), a general wide area network (WAN), and/or a public network (e.g.,the Internet) via network adapter 20. As depicted, network adapter 20communicates with the other components of computer system/server 12 viabus 18. It should be understood that although not shown, other hardwareand/or software components could be used in conjunction with computersystem/server 12. Examples, include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

Referring now to FIG. 8, a set of functional abstraction layers providedby cloud computing environment 50 (FIG. 1) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 8 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 60 includes hardware and softwarecomponents. Examples of hardware components include: mainframes; RISC(Reduced Instruction Set Computer) architecture based servers; storagedevices; networks and networking components. In some embodiments,software components include network application server software.

Virtualization layer 62 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers;virtual storage; virtual networks, including virtual private networks;virtual applications and operating systems; and virtual clients.

In one example, management layer 64 may provide the functions describedbelow. Resource provisioning provides dynamic procurement of computingresources and other resources that are utilized to perform tasks withinthe cloud computing environment. Metering and Pricing provide costtracking as resources are utilized within the cloud computingenvironment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal provides access to the cloud computing environment forconsumers and system administrators. Service level management providescloud computing resource allocation and management such that requiredservice levels are met. Service Level Agreement (SLA) planning andfulfillment provide pre-arrangement for, and procurement of, cloudcomputing resources for which a future requirement is anticipated inaccordance with an SLA.

Workloads layer 66 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation; software development and lifecycle management; virtualclassroom education delivery; data analytics processing; transactionprocessing; and providing security to access and store data.

Aspects of the present invention may be a system, a method, and/or acomputer program product. The computer program product may include acomputer readable storage medium (or media) having computer readableprogram instructions thereon for causing a processor to carry outaspects of the various embodiments.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofembodiments of the present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of embodiments of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

1-8. (canceled)
 9. A token device for providing security to access andstore data, comprising: a private data conceal engine configured totransfer first information for display from the token device having amemory to a first computing device at a first time, the token deviceconnected to the first computing device and the first informationdescribing public data stored on the token device; a radio configured toestablish a wireless connection between the token device and a servercomputing device, wherein the token device receives a request toretrieve a root directory of private data, the request specifying a rootdirectory name and in response to the receiving of the request, thetoken device requests the root directory from the server computingdevice and receives the root directory from the server computing device;and a cryptosystem configured to transfer the root directory name to theserver computing device, wherein the root directory name is used as apassword to retrieve the root directory from the server computingdevice.
 10. The token device of claim 9, wherein the radio is furtherconfigured to receive a request to retrieve a sub-directory of the rootdirectory of private data, the request specifying a sub-directory name,and in response to the receiving of the request, the token devicerequests the sub-directory from the server computing device and receivesthe sub-directory from the server computing device; and wherein thecryptosystem is further configured to transfer the sub-directory name tothe server computing device, wherein the sub-directory name is used as apassword to retrieve the sub-directory from the server computing device.11. The token device of claim 9, wherein the radio is further configuredto synchronize the token device with the server computing device tostore the root directory from the server computing device to the tokendevice.
 12. The token device of claim 11, wherein the data concealengine is further configured to transfer second information for displayto a second computing device at a second time, wherein the token deviceis connected to the second computing device, the second informationdescribing the public data stored on the token device; furthercomprising an authentication engine configured to receive a request toretrieve the root directory of private data stored on the token device,the request specifying the root directory name that is used as apassword to retrieve the root directory stored on the token device, andin response to receiving the request to retrieve the root directory ofprivate data stored on the token device, the authentication enginefurther configured to authenticate the request by verifying that theroot directory name matches the name of the root directory; and whereinthe data conceal engine is further configured to transfer the rootdirectory of private data stored on the token device to a display screenof the second computing device.
 13. The token device of claim 9, furthercomprising a compressed URL generator configured to generate a uniquecompressed URL each time a link, which corresponds to the compressedURL, is selected to open the root directory of private data in abrowser.
 14. The token device of claim 9, further comprising a publicstorage engine configured to display a public storage, wherein thedisplay of the public storage shows a total storage capacity that isless than the actual total storage capacity of the token device and thedisplay of the public storage shows only the public data stored on thetoken device, wherein the token device is configurable to alter how muchof the total storage capacity is displayed for the public storage.
 15. Acomputer program product comprising a computer readable storage mediumhaving program code embodied therewith, the program code comprisingcomputer readable program code configured for: transferring firstinformation for display from a token device having a memory to a firstcomputing device at a first time, the token device connected to thefirst computing device and the first information describing public datastored on the token device; receiving a request to retrieve a rootdirectory of private data, the request specifying a root directory name;in response to receiving the request to retrieve a root directory ofprivate data, requesting the root directory by: establishing a wirelessconnection between the token device and a server computing device,transferring the root directory name to the server computing device,wherein the root directory name is used as a password to retrieve theroot directory, and receiving the root directory from the servercomputing device by the token device.
 16. The computer program productof claim 15, further comprising: receiving a request to retrieve asub-directory of the root directory of private data, the requestspecifying a sub-directory name; in response to receiving the request tocreate the sub-directory of the root directory of private data,requesting the sub-directory by transferring the sub-directory name tothe server computing device, wherein the sub-directory name is used as apassword to retrieve the sub-directory; and receiving the sub-directoryfrom the server computing device by the token device.
 17. The computerprogram product of claim 15, comprising: receiving offline data entriesby the token device, wherein the wireless connection between the tokendevice and the server computing device is disconnected; re-establishingthe wireless connection between the token device and the servercomputing device; and synchronizing the token device with the servercomputing device to store the offline data entries from the token deviceto the server computing device.
 18. The computer program product ofclaim 17, wherein the synchronizing occurs by: transferring secondinformation for display from the token device to a second computingdevice at a second time, the token device connected to the secondcomputing device and the first information describing public data storedon the token device; receiving a request to retrieve the root directoryof private data, the request specifying the root directory name; inresponse to receiving the request to retrieve the root directory ofprivate data, requesting the root directory by transferring the rootdirectory name to the server computing device, wherein the rootdirectory name is used as a password to retrieve the root directory;receiving the root directory from the server computing device by thetoken device; and transferring any quantity of the offline data entriesto the root directory on the token device, wherein the any quantity ofoffline data entries are stored to the server computing device and notthe token device.
 19. The computer program product of claim 15, furthercomprising generating a unique compressed uniform resource locator (URL)each time a link, which corresponds to the compressed URL, is selectedto open the root directory of private data in a browser.
 20. Thecomputer program product of claim 15, further comprising displaying apublic storage, wherein the display of the public storage shows a totalstorage capacity that is less than the actual total storage capacity ofthe token device and the display of the public storage shows only thepublic data stored on the token device, wherein the token device isconfigured to alter how much of the total storage capacity is displayedfor the public storage.